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This listing of claims will replace all prior versions, and listings, of claims in the application; 

1. (currently amended) A method for performing network address translation on 
data, the method comprising: 

receiving a first data having a first source address and a first destination 
address, wherein the first data is sent by a first node in a first domain source to a 
second node in a second domain dostinatioa, and wherein the first data is received 
into a first interface and output from a se cond interface, and wherein the first 
domain differs from the second domain : 

obtaining routing information for the first data; 

when the first sourc e address io private , translating the first source address 
into a first public address and forming a first binding between the first source 
address, the first public address, and the first interface if there is not such a 
binding formed already, wherein the translation is performed prior to sending the 
first data to the second domain destination; 

when the first destination address has an associated binding, translating the 
first destination address into a first private address specified by the associated 
binding n^ocTfitad with tho first d e stination addroGS t hat is also a ssociated with the 
first private address, and the second interface, wherein the translation of the first 
destination address is performed prior to sending the first data out the second 
interface to the second domain destination node: and 

sending the first data to the second domain d e stination node based on the 
routing information. 

2. (original) A method as recited in claim 1, wherein the first binding is formed 
using one or more Translation Tables. 
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3. (original) A method as recited in claim 1, wherein the first public address is 
selected from a pool of available public addresses. 

4. (currently amended) A method as recited in claim 1, wherein when the first data 
has a DNS payload, the method further comprises: 

translating the DNS payload of the first data into a second public address, wherein 
the translation of the first destination address is performed prior to sending the first data to the 
second && mam 4 estination node; and 

forming a second binding between the DNS payload address, the second public 
address, and the first interface. 

5. (cancelled) 

6. (currently amended) A method as recited in claim 1 3 wherein the first data is a 
DNS request, the method further comprising: 

receiving a second data after the first data, wherein the second data has a 
second source address, a second destination address, and a DNS payload address, 
wherein the second data is sent by a third node in t he second domain aouroo to the 
first node in the first domain d e straafea a , and wherein the second data is a DNS 
reply received into a the second interface and output from the first interface: 

obtaining routing information for the second data; 

when tho DNS payload addr e ss is privat e; translating the DNS payload 
address into a second public address and forming a second binding between the 
DNS payload address, the second public address, and the second interface, 
wherein the translation is performed prior to sending the second data out the first 
interface to the first domain d e stination node: and 
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sending the second data to the first domain destination node based on the 
routing information obtained for the second data. 

7. (original) A method as recited in claim 6, wherein the first binding between 
the first source address, the first public address, and the first interface is formed by creating a 
first entry in a first table that includes a first identifier for both title first public address and the 
first destination address, a destination pointer that references information on how to translate a 
destination address of a first subsequently received data from the first public address to the first 
source address, and a source pointer that references a null value. 

8. (original) A method as recited in claim 7 a wherein the source pointer 
referencing a null value indicates that the source address of the first subsequently received data 
does not require translation. 

9. (original) A method as recited in claim 8, the method further comprising 
modifying the first binding, wherein the first binding is modified and the second binding is 
formed by: 

creating a second entry in the first table that includes a second identifier for both 
the first source address and the second public address, a destination pointer that references 
information on how to translate a destination address of a second subsequently received data 
from the second public address into the DNS payload address, and a source pointer that 
references information on how to translate a source address of the same second subsequently 
received data from the first source address into the first public address; and 

creating a third entry in the first table that includes a third identifier for both the 
DNS payload address and the first public address, a destination pointer that references 
information on how to translate a destination address of a third subsequently received data from 
the first public address into the first source address, and a source pointer that references 
information on how to translate a source address of the third subsequently received data from the 
DNS payload address into the second public address. 
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10. (original) A method as recited in claim 9, wherein the destination and source 
pointers each reference a pair having a private address of a particular interface and a 
corresponding public address, wherein the pair provide pre-translation and post-translation 
addresses for a particular source or destination address. 

1 1 . (original) A method as recited in claim 1, further comprising tracking which 
interfaces may communicate with which other interfaces. 

12. (original) A method as recited in claim 11, wherein tracking is accomplished 
by setting up or disma ntling one or more groups that each define which interfaces may 
communicate with each other. 

13. (original) A method as recited in claim 12, the method further comprising 
selecting a pool of public addresses for each group . 

14. (currently amended) A network address translation (NAT) system operable to 
perform network address translation on data, the NAT system comprising: 

one or more processors; 

one or more memory, wherein at least one of the processors and memory 

are adapted to: 

receive a first data having a first source address and a first 
destination address, wherein the first data is sent by a first node in a first 
domain oouroo to a second node in a second domain d e stination, and 
wherein the first data is received into a first interface and output from a 
second interface, and wherein the first domain differs from the second 
domain; 

obtain routing information for the first data; 
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whon the first som - ec - addrcss is private , translate the fiist source 
address into a first public address and forming a first binding between the 
first source address, the first public address, and the first interface if there 
is not such a binding formed already, wherein the translation is performed 
prior to sending the first data to the second domain destination; 

when the first destination address has an associated binding, 
translate the first destination address into a first private address specified 
by the associated binding as s ociat e d with th e first d e stinafion - addr e s sp-tiiat 
is also associated with the first private address, and the second interface, 
wherein the translation of the first destination address is performed prior to 
sending the first data out the second interface to the second doma - k * 
destination node; and 

send the first data to the second domain dostinatio a node based on 
the routing information. 

15. (currently amended) A NAT system as recited in claim 14, wherein when the 
first data has a DNS payload, one or more memory, wherein at least one of the processors and 
memory are further adapted to: 

translate the DNS payload of the first data into a second public address, wherein 
the translation of the first destination address is performed prior to sending the first data to the 
second domain destination node; and 

form a second binding between the DNS payload address, the second public 
address, and the first interface. 

16. (cancelled) 
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17. (currently amended) A NAT system as recited in claim 14, wherein the first data 
is a DNS request, wherein at least one of the processors and memory are further adapted to: 

receive a second data after the first data, wherein the second data has a 
second source address, a second destination address, and a DNS payload address, 
wherein the second data is sent by a third node in t he second domain couroo to the 
first node in the first domain d e stination, and wherein the second data is a DNS 
reply received into a the second interface and output from the first interface; 

obtain routing information for the second data; 

when th e- PNS - payload addroafl ic private, translate the DNS payload 
address into a second public address and forming a second binding between the 
DNS payload address, the second public address, and the second interface, 
wherein the translation is performed prior to sending the second data out the first 
interface to the first d oma i n d e stination node; and 

send the second data to the first domain destination node based on the 
routing information obtained for the second data, 

18. (original) A NAT system as recited in claim 17, wherein the first binding 
between the first source address, the first public address, and the first interface is formed by 
creating a first entry in a first table that includes a first identifier for both the first public address 
and the first destination address, a destination pointer that references information on how to 
translate a destination address of a first subsequently received data from the first public address 
to the first source address, and a source pointer that references a null value. 

19. (original) A NAT system as recited in claim 18, wherein the source pointer 
referencing a null value indicates that the source address of the first subsequently received data 
does not require translation. 
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20. (original) A NAT system as recited in claim 19, wherein at least one of the 
processors and memory are further adapted to modify the first binding, wherein the first binding 
is modified and the second bidding is formed by: 

creating a second entry in the first table that includes a second identifier for both 
the first source addres$ and the second public address, a destination pointer that references 
information on how to translate a destination address of a second subsequently received data 
from the second public address into the DNS payload address, and a source pointer that 
references information on how to translate a source address of the same second subsequently 
received data from the first source address into the first public address; and 

creating a third entry in the first table that includes a third identifier for both the 
DNS payload address and the first public address, a destination pointer that references 
information on how to translate a destination address of a third subsequently received data from 
the first public address into the first source address, and a source pointer that references 
information on how to translate a source address of the third subsequently received data from the 
DNS payload address into the second public address. 

21. (original) A NAT system as recited in claim 20, wherein the destination and 
source pointers each reference a pair having a private address of a particular interface and a 
corresponding public addre$$> wherein the pair provide pre-translation and post-translation 
addresses for a particular source or destination address. 

22. (original) A NAT system as recited in claim 14, wherein at least one of the 
processors and memory are further adapted to track which interfaces may communicate with 
which other interfaces, 

23. (original) A NAT system as recited in claim 22, wherein tracking is 
accomplished by setting up or dismantling one or more groups that each define which interfaces 
may communicate with each other. 
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24. (original) A NAT system as recited in claim 23, wherein at least one of the 
processors and memory are further adapted to select a pool of public addresses for each group. 

25. (currently amended) A computer program product for performing network 
address translation on data, the computer program product comprising: 

at least one computer readable medium; 

computer program instructions stored within the at least one computer readable 
product configured to cause a network address translation system to: 

receive a first data having a first source address and a first 

destination address, wherein the first data is sent by a first node in a first 

domain source to a second node in a second domain d estination ) and 

wherein the first data is received into a first interface and output from a 

second interface, and wherein the first domain differs from the secon d 

domain; 

obtain routing information for the first data; 

whon the first sourc e addr ess io privat e , translate the first source 
address into a first public address and forming a first binding between the 
first source address, the first public address, and the first interface if there 
is not such a binding formed already, wherein the translation is performed 
prior to sending the first data to the second domain destination; 

when the first destination address has an associated binding, 
translate the first destination address into a first private address specified 
by the associated binding associated with th e first d e stination addr e ss that 
is also associated with the first private address, and the second interface^ 
wherein the translation of the first destination address is performed prior to 
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sending the first data out the second interface to the second domain 
destination node; and 

send the first data to the second domain destinatio n node based on 
the routing information. 

26. (currently amended) A computer program product as recited in claim 25, 
wherein when the first data has a DNS payload, one or more memory, wherein the computer 
program instructions are further configured to cause the network address translation system to 

translate the DNS payload of the first data into a second public address, wherein 
the translation of the first destination address is performed prior to sending the first data to the 
second domaLa destination node; and 

form a second binding between the DNS payload address, the second public 
address, and the first interface. 

27. (cancelled) 

28. (currently amended) A computer program product as recited in claim 25, 
wherein the first data is a DNS request, wherein the computer program instructions are further 
configured to cause the network address translation system to 

receive a second data after the first data, wherein the second data has a 
second source address, a second destination address, and a DNS payload address, 
wherein the second data is sent by a third node in t he second domain sourc e to the 
first node in the first domain destination , and wherein the second data is a DNS 
reply received into a the second interface and output from the first interface: 

obtain routing information for the second data; 
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whon the DNS payload addrooo id private, translate the DNS payload 
address into a second public address and forming a second binding between the 
DNS payload address, the second public address, and the second interface, 
wherein the translation is performed prior to sending the second data out the first 
interface to the first domain doGtinatiQ B: node; and 

send the second data to the first domoxa de s tination node based on the 
routing information obtained for the second data. 

29, (original) A computer program product as recited in claim 28, wherein the 
first binding between the first source address, the first public address, and the first interface is 
formed by creating a first entry in a first table that includes a first identifier for both the first 
public address and the first destination address, a destination pointer that references information 
on how to translate a destination address of a first subsequently received data from the first 
public address to the first source address, and a source pointer that references a null value. 

30 ► (original) A computer program product as recited in claim 29, wherein the 
source pointer referencing a null value indicates that the source address of the first subsequently 
received data does not require translation. 

31. (original) A computer program product as recited in claim 30, wherein the 
computer program instructions are further configured to cause the network address translation 
system to modify the first binding, wherein the first binding is modified and the second binding 
is formed by: 

creating a second entry in the first table that includes a second identifier for both 
the first source address and the second public address, a destination pointer that references 
information on how to translate a destination address of a second subsequently received data 
from the second public address into the DNS payload address, and a source pointer that 
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references information on how to translate a source address of the same second subsequently 
received data from the first source address into the first public address; and 

creating a third entry in the first table that includes a third identifier for both the 
DNS payload address and the first public address, a destination pointer that references 
infoixxxation on how to translate a destination address of a third subsequently received data from 
the first public address into the first source address, and a source pointer that references 
information on how to translate a source address of the third subsequently received data from the 
DNS payload address into the second public address. 

32. (original) A computer program product as recited in claim 31, wherein the 
destination and source pointers each reference a pair having a private address of a particular 
interface and a corresponding public address, wherein the pair provide pre-translation and post- 
translation addresses for a particular source or destination address. 

33. (original) A computer program product as recited in claim 25, wherein the 
computer program instructions are further configured to cause the network address translation 
system to track which interfaces may communicate with which other interfaces. 

34. (original) A computer program product as recited in claim 33, wherein 
tracking is accomplished by setting up or dismantling one or more groups that each define which 
interfaces may communicate with each other. 

35. (original) A computer program product as recited in claim 34, wherein the 
computer program instructions are further configured to cause the network address translation 
system to select a pool of public addresses for each group. 

36. (currently amended) An apparatus for performing network address translation on 
data, the apparatus comprising: 

means for receiving a first data having a first source address and a first 
destination address, wherein the first data is sent by a first node m a first domain 
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source to a second node in a second domain destination, and wherein the first data 
is received into a first interface and output fr om a second interface, and wherein 
the first domain differs from the second domain: 

means for obtaining routing hxformation for the first data; 
means for translating the first source address into a first public address and 
forming a first binding between the first source address, the first public address, 
and the first interface if there is not such a binding formed alread y whan the first 
source address i s privat e , wherein the translation is performed prior to sending the 
first data to the second domain destination; 

means for translating the first destination address into a first private 
address specified byfeea binding associated with the first destination address, the 
first private address, and the second interface when the first destination address 
has an associated binding, wherein the translation of the first destination address is 
performed prior to sending the first data out the second interface to the second 
domain destination node: and 

means for sending the first data to the second domain destination node 
based on the routing information. 

37. (currently amended) A m e thod An apparatus as recited in claim 36, wherein the 
first data is a DNS request, the apparatus further comprising: 

means for receiving a second data after the first data, wherein the second 
data has a second source address, a second destination address, and a DNS 
payload address, wherein the second data is sent by a third node in the second 
domain sourc e to the first node in the first domain destination, and wherein the 
second data is a DNS reply received into a the second interface and output from 
the "first interface: 
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means for ob taining routing information for the second data; 

means for translating the DNS payioad address into a second public 
address and forming a second binding between the DNS payload address, the 
second public address, and the second interface whon the DNS payload addr e ss - is 
private, wherein the translation is performed prior to sending the second data out 
the first interface to the first domain destination node : and 

means for sending the second data to the first domain destination node 
based on the routing information obtained for the second data. 
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